Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Debian 11: tiff Important Memory Corruption DoS DLA-4315-1 CVE-2024-13978

debian lts
Calendar Grey September 30, 2025
Dist Debian Esm H88
Multiple vulnerabilities fixed in tiff library, affecting reliability and security. Immediate update recommended.
Multiple vulnerabilities were fixed in tiff, a library and tools providing support for the Tag Image File Format (TIFF)

Summary

CVE-2024-13978

Affected by this vulnerability is the function t2p_read_tiff_init of
the file tools/tiff2pdf.c of the component fax2ps. The manipulation
leads to null pointer dereference. The attack needs to be approached
locally. The complexity of an attack is rather high. The exploitation
appears to be difficult.

CVE-2025-9900

This vulnerability is a "write-what-where" condition, triggered
when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's
metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location.
This memory corruption can be exploited to cause a denial of
service (application crash) or to achieve arbitrary code execution
with the permissions of the user.

For Debian 11 bullseye, these problems have been fixed in version
4.2.0-1+deb11u7.

We recommend that you upgrade your tiff packages.

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Package: tiff
Version: 4.2.0-1+deb11u7
CVE ID: CVE-2024-13978 CVE-2025-9900
Debian Bug:

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here